Custom form-based HTTP authentication

Using the @CustomFormAuthenticationMechanismDefinition annotation, the application can be configured to use a custom form for authentication. Here, we can specify the custom login page and an implementation for validating the credentials, as follows:

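import javax.enterprise.context.ApplicationScoped
import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue
import javax.ws.rs.core.Application

// Unauthenticated callers are sent to /login.jsf before they can continue.
@CustomFormAuthenticationMechanismDefinition(
    loginToContinue = LoginToContinue(loginPage = "/login.jsf"))
@ApplicationScoped
class ApplicationConfig : Application() {
    override fun getClasses(): Set<Class<*>> {
        val classes = HashSet<Class<*>>()
        classes.add(Controller::class.java)
        return classes
    }
}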

We can also implement the HttpAuthenticationMechanism interface to provide a custom authentication mechanism.

The HttpAuthenticationMechanism interface defines three functions, as follows:

AuthenticationStatus validateRequest(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext) throws AuthenticationException;

default AuthenticationStatus secureResponse(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext) throws AuthenticationException {
    return AuthenticationStatus.SUCCESS;
}

default void cleanSubject(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext) {
    httpMessageContext.cleanClientSubject();
}

Note that the validateRequest() function is abstract, and default implementations are provided for the other two functions.

We need to implement the validateRequest() function and use an IdentityStore implementation to validate the credentials that we received from the request:

override fun validateRequest(
    req: HttpServletRequest,
    res: HttpServletResponse,
    context: HttpMessageContext): AuthenticationStatus {
    val result = myIdentityStore.validate(
        UsernamePasswordCredential(
            req.getHeader("name"),
            req.getHeader("password")))
    //…
}
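The following is an added example, not code from the book: one way to finish validateRequest() so that missing headers, unprotected resources and failed validation each produce a defined AuthenticationStatus. The class name HeaderAuthenticationMechanism is hypothetical, and it assumes an injected IdentityStoreHandler in place of the myIdentityStore reference above.

```kotlin
import javax.enterprise.context.ApplicationScoped
import javax.inject.Inject
import javax.security.enterprise.AuthenticationStatus
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext
import javax.security.enterprise.credential.UsernamePasswordCredential
import javax.security.enterprise.identitystore.CredentialValidationResult
import javax.security.enterprise.identitystore.IdentityStoreHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

// Hypothetical class name. Declared open because CDI must be able to proxy
// a normal-scoped bean, and Kotlin classes are final by default.
@ApplicationScoped
open class HeaderAuthenticationMechanism : HttpAuthenticationMechanism {

    // Assumption: the container's IdentityStoreHandler is injected; it
    // delegates to the IdentityStore beans deployed with the application.
    @Inject
    private lateinit var identityStoreHandler: IdentityStoreHandler

    override fun validateRequest(
        req: HttpServletRequest,
        res: HttpServletResponse,
        context: HttpMessageContext
    ): AuthenticationStatus {
        // getHeader() returns null when the header is absent.
        val name: String? = req.getHeader("name")
        val password: String? = req.getHeader("password")

        if (name == null || password == null) {
            // No credentials supplied: answer 401 for protected resources,
            // let requests for unprotected resources continue anonymously.
            return if (context.isProtected) context.responseUnauthorized()
                   else context.doNothing()
        }

        val result = identityStoreHandler.validate(
            UsernamePasswordCredential(name, password))

        return if (result.status == CredentialValidationResult.Status.VALID) {
            // Registers the caller principal and groups with the container.
            context.notifyContainerAboutLogin(result)
        } else {
            // INVALID and NOT_VALIDATED are both treated as a failed login.
            context.responseUnauthorized()
        }
    }
}
```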